Problem with spam messages

2009-09-10 Thread an...@iguanait.com 
Hi,

in our two mail servers i see last weeks this:

non-SMTP command from 250.84.221.62.dyn.idknet.com[62.221.84.250]:
From: ? VIAGRA ? Official Site

How can i block these accesses?

our system is :

Centos 5.3 - postfix-2.3.3-2.1.el5_2 -
amavisd-maia-2.2.1-2_1.0.2.centos5 - clamd-0.95.2-4.el5.rf -
spamassassin-3.2.5-1.el5.rf.

this is our configuration:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
default_process_limit = 200
default_transport = smtp
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = hash:/etc/mailman/aliases,
ldap:/etc/postfix/ldap-aliases.cf
mail_owner = postfix
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
max_use = 10
message_size_limit = 16777216
mydestination = $myhostname,localhost.$mydomain,localhost,
localhost.localdomain
mydomain = $myhostname
myhostname = myhost.domain.tld
mynetworks = 127.0.0.0/8
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_delimiter = +
relay_domains = $myhostname,localhost,  hash:/etc/postfix/relay_domains
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_client_restrictions = permit_mynetworks,
permit_sasl_authenticated,  check_client_access hash:/etc/postfix/access,
reject_unauth_pipelining,   reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,   reject_rbl_client combined.njabl.org,
permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/access_helo,
reject_invalid_hostname,reject_unauth_pipelining,   permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
permit_mynetworks,  permit_sasl_authenticated,  
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/access_recipient,
reject_unknown_recipient_domain,reject_unauth_pipelining,   permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
smtpd_sender_restrictions = reject_non_fqdn_sender, permit_mynetworks,
permit_sasl_authenticated,  check_sender_access
hash:/etc/postfix/access_sender,check_client_access
cidr:/etc/postfix/access_client,reject_sender_login_mismatch,
reject_unknown_sender_domain,   reject_unauth_pipelining,   permit
smtpd_tls_CAfile = /etc/pki/tls/certs/gd_intermediate_bundle.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport,
hash:/etc/postfix/transport_domains
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/destination_domains
virtual_alias_maps = hash:/etc/postfix/virtual,
ldap:/etc/postfix/ldap-aliases.cf


Thanks in advanced!

What is the best value for first retry-window for postgrey ?

2009-05-29 Thread an...@iguanait.com 
Hi,

we have a centos 5 server that we use  for mail server and i have
installed their postgrey.

I want to ask what values do you use for retry-window option and what is
the best value for this ?

I have leave it with the default value 2 days for now, but i don't know
if it is too high.

What's your opinion?

Thanks in advance and best regards!

Re: How to allow mails from some other servers to pass: reject_sender_login_mismatch

2009-02-11 Thread an...@iguanait.com 
Hi,

yes, you are right using mynetworks is ok. I also though for this way. I
just didn't understood from beginning why it didn't work with access
file, but now is clear.

Thanks!

On Wed, 2009-02-11 at 04:35 -0500, Digest of postfix-users list wrote:
 your access file is used for check_SENDER_access, not for
 check_client_access.
 
 the easy way is to add the IP to mynetworks. otherwise add
 check_client_access cidr:/etc/postfix/access_client
 before reject_sender_login_mismatch and put the IP in acces_client:
 
 10.1.2.3/32 OK
 
 do not postmap this, since it is a cidr map.

How to allow mails from some other servers to pass: reject_sender_login_mismatch

2009-02-10 Thread an...@iguanait.com 
Hi,

i'm trying to slow down and block backscater mails and i try to use:
reject_sender_login_mismatch and smtpd_sender_login_maps.

I have some questions about how to pass this restriction for some cases.
The situation is this:

We have some other servers where we have installed other webapplication
that send mail from there using for example i...@ourdomain.com without
authentication.
These mails are sending to our mail server, but now we filter all these
addresses to prevent using our addresses in MAIL FROM to send mails to
us.

How to allow these servers to pass the rule
reject_sender_login_mismatch?

We have this configuration for sernder restrictions:

smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_sender_access hash:/etc/postfix/access,
#   reject_sender_login_mismatch,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit

i have commented out the parameter, temporary until i find out how to
solve this problem.

I added in access file this kind of entry:
serveripaddress OK

but this does not help, i got mailer-daemon mail when other server sent
mail.

Thanks in advanced!
Regards, Ali Nebi!